feat: Setup default permissions for package versions
KallynGowdy committed Nov 18, 2024
1 parent 66716b1 commit 6e97443
Showing 3 changed files with 63 additions and 1 deletion.
47 changes: 47 additions & 0 deletions src/aux-records/PolicyController.spec.ts
Expand Up @@ -2561,6 +2561,7 @@ describe('PolicyController', () => {
['webhook'],
['notification'],
['package'],
['package.version'],
];

// Admins can perform all actions on all resources
Expand Down Expand Up @@ -3653,6 +3654,28 @@ describe('PolicyController', () => {
['listSubscriptions', 'resourceId'],
],
],
[
'package.version',
[
['create', 'resourceId'],
['delete', 'resourceId'],
['update', 'resourceId'],
['read', 'resourceId'],
['list', null],
['assign', 'resourceId'],
['unassign', 'resourceId'],
['grant', 'resourceId'],
['revoke', 'resourceId'],
['grantPermission', 'resourceId'],
['revokePermission', 'resourceId'],
['count', 'resourceId'],
['increment', 'resourceId'],
['run', 'resourceId'],
['send', 'resourceId'],
['subscribe', 'resourceId'],
['listSubscriptions', 'resourceId'],
],
],
];

const recordKeySubjectTypeDenialCases: [SubjectType, string][] = [
Expand Down Expand Up @@ -3774,6 +3797,16 @@ describe('PolicyController', () => {
],
[
'package',
[
['create', 'resourceId'],
['delete', 'resourceId'],
['update', 'resourceId'],
['read', 'resourceId'],
['list', null],
],
],
[
'package.version',
[
['create', 'resourceId'],
['delete', 'resourceId'],
Expand Down Expand Up @@ -4287,6 +4320,13 @@ describe('PolicyController', () => {
['list', null],
],
],
[
'package.version',
[
['read', 'resourceId'],
['list', null],
],
],
];

const publicReadSubjectTypeCases: [
Expand Down Expand Up @@ -4408,6 +4448,13 @@ describe('PolicyController', () => {
],
[
'package',
[
['read', 'resourceId'],
['list', null],
],
],
[
'package.version',
[
['read', 'resourceId'],
['run', 'resourceId'],
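Review bot: None of the visible spec hunks asserts the narrowing this commit makes, namely that `run` on the bare `package` kind is now refused, so a later edit could restore it without a failing test. The tables here only gain allowed cases for `package.version`, and in the last hunk the `package` entry is reduced to `read`/`list`. I would add an explicit denial row such as `['package', [['run', 'resourceId']]]` to whichever table drives the rejected-action tests, if one exists. The case tables begin and end outside these hunks, so a generic "all other actions are denied" test may already cover this; worth confirming.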
3 changes: 2 additions & 1 deletion src/aux-records/PolicyController.ts
Expand Up @@ -84,7 +84,8 @@ const ALLOWED_STUDIO_MEMBER_RESOURCES: [ResourceKinds, ActionKinds[]][] = [
],
['loom', ['create']],
['webhook', ['read', 'create', 'delete', 'update', 'list', 'run']],
['package', ['read', 'create', 'delete', 'update', 'list', 'run']],
['package', ['read', 'create', 'delete', 'update', 'list']],
['package.version', ['read', 'create', 'delete', 'update', 'list', 'run']],
];

const ALLOWED_MODERATOR_ACTIONS = new Set<string>([
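Review bot: The new `package.version` row gives every studio member `update` and `delete` together with `run`, so any member can change or remove a version that other members execute. If published versions are meant to be immutable, I would reduce the member set to `['read', 'create', 'list', 'run']` and leave `update`/`delete` to admins; if mutability is intended, a comment on the row saying so would help. Moving `run` from `package` to `package.version` also takes an action away from existing members, which is worth stating next to the row. `ALLOWED_STUDIO_MEMBER_RESOURCES` starts above the hunk, so any existing explanation there is not visible.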
14 changes: 14 additions & 0 deletions src/aux-records/PolicyStore.ts
Expand Up @@ -795,6 +795,13 @@ export function getPublicReadPermission(
action,
};
}
} else if (resourceKind === 'package.version') {
if (action === 'read' || action === 'list') {
return {
resourceKind,
action,
};
}
}

// All other actions are not allowed.
Expand Down Expand Up @@ -869,6 +876,13 @@ export function getPublicWritePermission(
};
}
} else if (resourceKind === 'package') {
if (action === 'read' || action === 'list') {
return {
resourceKind,
action,
};
}
} else if (resourceKind === 'package.version') {
if (action === 'read' || action === 'list' || action === 'run') {
return {
resourceKind,
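Review bot: In `getPublicWritePermission`, the `package.version` branch allows `run` but no create, update or delete, and the `package` branch allows only `read`/`list`; nothing in the hunk explains why a "write" marker maps to execute-only for these kinds. A comment above the branch would record the intent, for example `// publicWrite never allows modifying packages or versions; it only adds 'run' on a version.` The `read`/`list` pair for `package.version` is now repeated in `getPublicReadPermission` as well, so the comment should name that function as the one to keep in step. Both function bodies begin and end outside the hunks.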
